From c3707dc8140b4a031ea45fe7a831338b68e060a8 Mon Sep 17 00:00:00 2001
From: Josh Patterson
Date: Fri, 3 Apr 2026 10:30:22 -0400
Subject: [PATCH 1/3] fix suricata bpf for transition mode
---
 salt/suricata/config.sls | 2 +-
 salt/suricata/map.jinja | 16 +++++++++++++---
 2 files changed, 14 insertions(+), 4 deletions(-)
diff --git a/salt/suricata/config.sls b/salt/suricata/config.sls
index e0b85b7e7..ce52d94ef 100644
--- a/salt/suricata/config.sls
+++ b/salt/suricata/config.sls
@@ -10,7 +10,7 @@
 {% from 'suricata/map.jinja' import SURICATAMERGED %}
 {% from 'bpf/suricata.map.jinja' import SURICATABPF, SURICATA_BPF_STATUS, SURICATA_BPF_CALC %}
-{% if GLOBALS.pcap_engine in ["SURICATA", "TRANSITION"] %}
+{% if GLOBALS.pcap_engine == "SURICATA" %}
 {% from 'bpf/pcap.map.jinja' import PCAPBPF, PCAP_BPF_STATUS, PCAP_BPF_CALC %}
 # BPF compilation and configuration
 {% if PCAPBPF and not PCAP_BPF_STATUS %}
diff --git a/salt/suricata/map.jinja b/salt/suricata/map.jinja
index 781935fe9..427abf274 100644
--- a/salt/suricata/map.jinja
+++ b/salt/suricata/map.jinja
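Review bot: The narrowed guard `{% if GLOBALS.pcap_engine == "SURICATA" %}` in salt/suricata/config.sls has no comment saying why TRANSITION is now excluded from the PCAP BPF handling that follows, while the map.jinja hunk of this same patch still treats TRANSITION as a pcap-log engine. Someone auditing capture filters would likely assume both modes take the same path. I would add above the guard: `{# TRANSITION gets its pcap-log bpf-filter straight from the bpf pillar in suricata/map.jinja, so the PCAP BPF handling below applies to SURICATA only #}`. The body of this block continues outside the hunk, so exactly what is skipped for TRANSITION cannot be confirmed from here.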
@@ -11,9 +11,19 @@
 {# before we change outputs back to list, enable pcap-log if suricata is the pcapengine #}
 {% if GLOBALS.pcap_engine in ["SURICATA", "TRANSITION"] %}
-{% from 'bpf/pcap.map.jinja' import PCAPBPF, PCAP_BPF_STATUS %}
-{% if PCAPBPF and PCAP_BPF_STATUS %}
-{% do SURICATAMERGED.config.outputs['pcap-log'].update({'bpf-filter': PCAPBPF|join(" ")}) %}
+{% if GLOBALS.pcap_engine == "SURICATA" %}
+{% from 'bpf/pcap.map.jinja' import PCAPBPF, PCAP_BPF_STATUS %}
+{% if PCAPBPF and PCAP_BPF_STATUS %}
+{% do SURICATAMERGED.config.outputs['pcap-log'].update({'bpf-filter': PCAPBPF|join(" ")}) %}
+{% endif %}
+{% elif GLOBALS.pcap_engine == "TRANSITION" %}
+{% import_yaml 'bpf/defaults.yaml' as BPFDEFAULTS %}
+{% set BPFMERGED = salt['pillar.get']('bpf', BPFDEFAULTS.bpf, merge=True) %}
+{% import 'bpf/macros.jinja' as MACROS %}
+{{ MACROS.remove_comments(BPFMERGED, 'pcap') }}
+{% if BPFMERGED.pcap %}
+{% do SURICATAMERGED.config.outputs['pcap-log'].update({'bpf-filter': BPFMERGED.pcap|join(" ")}) %}
+{% endif %}
 {% endif %}
 {% set PCAP = salt['pillar.get']('pcap', {'enabled': false}) %}
From 043feee4c0d25f1f2377ebb30f45d131743354a1 Mon Sep 17 00:00:00 2001
From: Josh Patterson
Date: Mon, 6 Apr 2026 09:30:53 -0400
Subject: [PATCH 2/3] update HOTFIX
---
 HOTFIX | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/HOTFIX b/HOTFIX
index d3f5a12fa..6701a9258 100644
--- a/HOTFIX
+++ b/HOTFIX
@@ -1 +1 @@
-
+20260407
From b63d5e4c83f48172db6b5a43a18c3a426c0408ec Mon Sep 17 00:00:00 2001
From: Mike Reeves
Date: Tue, 7 Apr 2026 11:27:57 -0400
Subject: [PATCH 3/3] 2.4.211 hotfix
---
 DOWNLOAD_AND_VERIFY_ISO.md | 22 ++++++++++----------
 sigs/securityonion-2.4.211-20260407.iso.sig | Bin 0 -> 566 bytes
 2 files changed, 11 insertions(+), 11 deletions(-)
 create mode 100644 sigs/securityonion-2.4.211-20260407.iso.sig
diff --git a/DOWNLOAD_AND_VERIFY_ISO.md b/DOWNLOAD_AND_VERIFY_ISO.md
index 9fa9da797..98739159c 100644
--- a/DOWNLOAD_AND_VERIFY_ISO.md
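Review bot: The new TRANSITION branch in salt/suricata/map.jinja writes `BPFMERGED.pcap|join(" ")` into the `pcap-log` `bpf-filter` after only a truthiness test, whereas the SURICATA branch still requires `PCAP_BPF_STATUS` before applying its filter. If that status reflects a compile or syntax check (it comes from bpf/pcap.map.jinja, which is not visible here), a malformed `pcap` entry in the `bpf` pillar would reach the rendered Suricata config unchecked in TRANSITION mode, and the problem would show up as broken or missing packet capture rather than at render time. Either gate the update on an equivalent validity check, or record the decision next to the branch with `{# TRANSITION: pillar filter is applied without the PCAP_BPF_STATUS check used for SURICATA #}`. The outer `{% if GLOBALS.pcap_engine in [...] %}` block closes outside this hunk.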
+++ b/DOWNLOAD_AND_VERIFY_ISO.md @@ -1,17 +1,17 @@ -### 2.4.211-20260312 ISO image released on 2026/03/12 +### 2.4.211-20260407 ISO image released on 2026/04/07 ### Download and Verify -2.4.211-20260312 ISO image: -https://download.securityonion.net/file/securityonion/securityonion-2.4.211-20260312.iso +2.4.211-20260407 ISO image: +https://download.securityonion.net/file/securityonion/securityonion-2.4.211-20260407.iso -MD5: 7082210AE9FF4D2634D71EAD4DC8F7A3 -SHA1: F76E08C47FD786624B2385B4235A3D61A4C3E9DC -SHA256: CE6E61788DFC492E4897EEDC139D698B2EDBEB6B631DE0043F66E94AF8A0FF4E +MD5: 35ECDD0BC10E56874D9F5725CA6C5888 +SHA1: 30CE6CB0ED0059A3260368E4F296B8DBA381F9CD +SHA256: 185D8CF49CD3BFDD8876B8DDE48343DA90804B0C0EC3EADF0AD90D29C55E72B7 Signature for ISO image: -https://github.com/Security-Onion-Solutions/securityonion/raw/2.4/main/sigs/securityonion-2.4.211-20260312.iso.sig +https://github.com/Security-Onion-Solutions/securityonion/raw/2.4/main/sigs/securityonion-2.4.211-20260407.iso.sig Signing key: https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2.4/main/KEYS 
@@ -25,22 +25,22 @@ wget https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2. Download the signature file for the ISO: ``` -wget https://github.com/Security-Onion-Solutions/securityonion/raw/2.4/main/sigs/securityonion-2.4.211-20260312.iso.sig +wget https://github.com/Security-Onion-Solutions/securityonion/raw/2.4/main/sigs/securityonion-2.4.211-20260407.iso.sig ``` Download the ISO image: ``` -wget https://download.securityonion.net/file/securityonion/securityonion-2.4.211-20260312.iso +wget https://download.securityonion.net/file/securityonion/securityonion-2.4.211-20260407.iso ``` Verify the downloaded ISO image using the signature file: ``` -gpg --verify securityonion-2.4.211-20260312.iso.sig securityonion-2.4.211-20260312.iso +gpg --verify securityonion-2.4.211-20260407.iso.sig securityonion-2.4.211-20260407.iso ``` The output should show "Good signature" and the Primary key fingerprint should match what's shown below: ``` -gpg: Signature made Wed 11 Mar 2026 03:05:09 PM EDT using RSA key ID FE507013 +gpg: Signature made Mon 06 Apr 2026 02:58:51 PM EDT using RSA key ID FE507013 gpg: Good signature from "Security Onion Solutions, LLC " gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. diff --git a/sigs/securityonion-2.4.211-20260407.iso.sig b/sigs/securityonion-2.4.211-20260407.iso.sig new file mode 100644 index 0000000000000000000000000000000000000000..8a6a5b7e7e22099d12cd989434264ba7a04673ae GIT binary patch literal 566 zcmV-60?GY}0y6{v0SEvc79j-41gSkXz6^6dp_W8^5Ma0dP;e6k0%_C&YXAxf5PT3| zxBgIY6M1eA{To)O$beu1Uq{0cG_!Y6tOR%_*8G6XB?=m}dk+nkHZ75_B3{s@QDm2z zf;n=%Yx5Aq{J8CNSU*Mhbb578=11QLlY~ilXF4s(v3;-fp-=zsts~jp*E2l@Yh%

&y3(W~Mqbl+j{^AKu9JYMAG@>|4QzHD64-fTdFn-gwQV5sZkkum| zJ@$H4U*)yMH>MtT|NL9uDG{)gI0-|GrNg`puhU;<^umOX6cN~w6i>&G;%4T`Gvt~Ll**S9+ E6(*()KmY&$ literal 0 HcmV?d00001